
Summary
This detection rule identifies PowerShell commands associated with directory enumeration, specifically the technique used by the MAZE ransomware for reconnaissance. The detection relies on PowerShell Script Block Logging, which must be enabled for the rule to function. The rule monitors for unusual use of common PowerShell cmdlets such as 'Get-ChildItem', which can indicate reconnaissance activity in an environment. Its selection condition looks for specific phrases in executed script blocks that signal interaction with file directories, while a filter allows for legitimate use cases to minimize false positives. Given the tactics employed by MAZE ransomware, the rule serves as a proactive measure to detect potentially malicious behavior before it leads to data exfiltration or ransomware deployment.
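As an added illustration (not the rule's own logic or code), the selection-plus-filter structure described above, run in Python over constructed Script Block Logging records (Event ID 4104); the indicator phrases, the allowlisted script path prefix and the sample records are assumptions for this example, not the rule's actual selection.

```python
import re
from dataclasses import dataclass

SCRIPT_BLOCK_EVENT_ID = 4104  # Microsoft-Windows-PowerShell/Operational script block record

@dataclass
class ScriptBlockEvent:
    """Minimal model of a Script Block Logging record (only the fields we need)."""
    event_id: int
    script_block_text: str
    path: str = ""  # script file path; empty for interactive or in-memory blocks

# Assumed selection (not the rule's real phrases): a directory-listing cmdlet or
# alias combined with recursion or a drive-root target reads as tree walking.
ENUM_CMDLET = re.compile(r"\b(Get-ChildItem|gci|dir|ls)\b", re.IGNORECASE)
RECURSE = re.compile(r"-Recurse\b", re.IGNORECASE)
DRIVE_ROOT = re.compile(r"(?<![\w\\])[A-Za-z]:\\(?=\s|$|['\"])")

# Assumed false-positive filter: script files under a trusted tooling directory.
ALLOWED_PATH_PREFIXES = ("C:\\Program Files\\Backup\\",)

def is_directory_enumeration(text: str) -> bool:
    """Selection condition: enumeration cmdlet AND (recursion OR drive root)."""
    if not ENUM_CMDLET.search(text):
        return False
    return bool(RECURSE.search(text) or DRIVE_ROOT.search(text))

def is_allowed(event: ScriptBlockEvent) -> bool:
    """Filter condition: known-good script locations suppress the alert."""
    prefixes = tuple(p.lower() for p in ALLOWED_PATH_PREFIXES)
    return event.path.lower().startswith(prefixes)

def detect(events) -> list:
    """Return the 4104 events that match the selection and are not filtered."""
    return [e for e in events
            if e.event_id == SCRIPT_BLOCK_EVENT_ID
            and is_directory_enumeration(e.script_block_text)
            and not is_allowed(e)]

# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    ScriptBlockEvent(4104, r"Get-ChildItem -Path C:\ -Recurse -Include *.docx,*.xlsx | Select-Object FullName"),
    ScriptBlockEvent(4104, r"gci -Recurse C:\ -ErrorAction SilentlyContinue"),
    ScriptBlockEvent(4104, r"Get-ChildItem .\logs\*.log | Remove-Item"),  # no recursion, no drive root
    ScriptBlockEvent(4104, "Get-ChildItem -Recurse D:\\", path="C:\\Program Files\\Backup\\inventory.ps1"),
    ScriptBlockEvent(4103, "Get-ChildItem -Recurse C:\\"),  # pipeline event, not a script block
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print("ALERT:", hit.script_block_text)
```

Only the first two sample records are reported: the third lacks the recursion/drive-root signal, the fourth is suppressed by the path filter, and the fifth is not a 4104 record.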
Categories
- Endpoint
- Windows
Data Sources
- Script
- Process
ATT&CK Techniques
- T1083
Created: 2022-03-17